Monday, January 30, 2012
OK, so it's a bit early to be predicting Supreme Court cert., but if I were a privacy advocate, I'd be pushing hard on this case as a possible vehicle for the Court. The reason are the facts: mainly that the FDA engaged in substantial monitoring of employee e-mails to Congress regarding the employees' whistleblowing about their allegations that the FDA was approving unsafe devices. According to the Washington Post:
The surveillance — detailed in e-mails and memos unearthed by six of the scientists and doctors, who filed a lawsuit against the FDA in U.S. District Court in Washington last week — took place over two years as the plaintiffs accessed their personal Gmail accounts from government computers.
Information garnered this way eventually contributed to the harassment or dismissal of all six of the FDA employees, the suit alleges. All had worked in an office responsible for reviewing devices for cancer screening and other purposes.
Copies of the e-mails show that, starting in January 2009, the FDA intercepted communications with congressional staffers and draft versions of whistleblower complaints complete with editing notes in the margins. The agency also took electronic snapshots of the computer desktops of the FDA employees and reviewed documents they saved on the hard drives of their government computers.
FDA computers post a warning, visible when users log on, that they should have “no reasonable expectation of privacy” in any data passing through or stored on the system, and that the government may intercept any such data at any time for any lawful government purpose.
There's more detail about the monitoring, which was quite robust, so check out the full article. Obviously, there are issues about the extent to which the banner warning protects public employer monitoring and, a subset of that question, is whether on its own terms, the warning considers retaliatory purposes to be "lawful." But the facts just sound bad for the agency, which shouldn't matter, but we all know does.
Of course, the main take-home point is what I tell my students every semester: if you don't want your employer to see what you're doing on your computer, then don't do it at work.